﻿
package com.utils;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Map;
import java.util.TreeMap;

import org.apache.commons.lang.StringUtils;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.lib.crypto.JCrypto;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.util.KeyUtil;
import cfca.sadk.util.Signature;
import cfca.sadk.x509.certificate.X509Cert;


public class SecureUtil {

	private static PrivateKey payPriKey;				//代付私钥key	
	private static String certPath="rsa/test1024.pfx";						//代付私钥证书
	private static String certPass="123123";						//代付私钥证书密码
	private static String cmbcCertPath="rsa/test1024.cer"; 				//代付证书公钥
	/**
	 * 
	 *********************************************************.<br>
	 * [方法] checkCert <br>
	 * [描述] (校验证书) <br>
	 * [参数] sourceData(原数据),signature(待校验的签名)<br>
	 * [返回] boolean <br>
	 * [时间] 2015-11-12 上午10:35:55 <br>
	 *********************************************************.<br>
	 */
	public static boolean checkCert( byte[] sourceData,byte[] signature){
		boolean bool=false;
		FileInputStream certFile=null;
		try {
			Signature engine = new Signature();
			String deviceType = JCrypto.JSOFT_LIB;
			certFile=new FileInputStream(cmbcCertPath);
			X509Cert cert = new X509Cert(certFile);
			JCrypto.getInstance().initialize(deviceType, null);
			Session session = JCrypto.getInstance().openSession(deviceType);
			bool= engine.p1VerifyMessage(Mechanism.SHA1_RSA, sourceData, signature, cert.getPublicKey(), session);
		} catch (Exception e) {
			e.printStackTrace();
		}finally{
			if(certFile!=null){
				try {
					certFile.close();
				} catch (IOException e) {
					e.printStackTrace();
				}
			}
		}
		return bool;
	}
	/**
	 * 
	 *********************************************************.<br>
	 * [方法] submitDate <br>
	 * [描述] ( sourceData 签名数据) <br>
	 * [参数] (对参数的描述) <br>
	 * [返回] Map<String,String> <br>
	 * [时间] 2015-12-7 下午4:06:07 <br>
	 *********************************************************.<br>
	 */
	public static Map<String, String> submitDate(Map<String, String> sourceData) {
		try {
			 Signature engine = new Signature();
			String deviceType = JCrypto.JSOFT_LIB;
			JCrypto.getInstance().initialize(deviceType, null);
			Session session = JCrypto.getInstance().openSession(deviceType);
			PrivateKey priKey =null;
			if(payPriKey==null){
				priKey= KeyUtil.getPrivateKeyFromPFX(certPath, certPass);
				payPriKey=priKey;
			}else{
				priKey=payPriKey;
			}
			
			System.out.println("签名map:"+sourceData.toString());
			byte[] signature = engine.p1SignMessage(Mechanism.SHA1_RSA,sourceData.toString().getBytes("UTF8"), priKey,session);
			sourceData.put("signature", Base64.getBase64(new String(signature)));
		} catch (PKIException e) {
			e.printStackTrace();
		} catch (UnsupportedEncodingException e) {
			e.printStackTrace();
		}
		return sourceData;
	}
	/**
	 * 
	 *********************************************************.<br>
	 * [方法] signData <br>
	 * [描述] (过滤map中value为空的key) <br>
	 * [参数] (对参数的描述) <br>
	 * [返回] Map<String,String> <br>
	 * [时间] 2015-11-12 上午10:15:13 <br>
	 *********************************************************.<br>
	 */
	public static Map<String, String> signData(Map<String, ?> contentData) {
		Map<String, String> submitFromData = new TreeMap<String, String>();
		Object[] key_arr = contentData.keySet().toArray();  
		Arrays.sort(key_arr);  
		for  (Object key : key_arr) {  
			Object value = contentData.get(key);  
			if(value!=null&&StringUtils.isNotBlank(value.toString())){
				if(!key.equals("signature")){
					submitFromData.put(key.toString().trim(), value.toString().trim());
				}
			}
		}  
		return submitFromData;
	}

}

	